authorEmil Renner Berthing <esmil@labitat.dk>2017-11-18 19:34:34 +0100
committerEmil Renner Berthing <esmil@labitat.dk>2017-11-18 19:36:08 +0100
commit505f69ee1540581eef2465dc420525213d278473 (patch)
tree018b20a4586ec1cdf12fff5157f19970767e6436 /roles/space_server/files/radius/sites-available
parent5517f9fcf84ad5043ae7e45da2b592c56a3e8e94 (diff)
space_server: radius: clean up configuration
Disable all the unused auth methods
Diffstat (limited to 'roles/space_server/files/radius/sites-available')
-rw-r--r--roles/space_server/files/radius/sites-available/labitat17
-rw-r--r--roles/space_server/files/radius/sites-available/labitat-inner46
2 files changed, 48 insertions, 15 deletions
diff --git a/roles/space_server/files/radius/sites-available/labitat b/roles/space_server/files/radius/sites-available/labitat
index cb1bb45..fcdbda7 100644
--- a/roles/space_server/files/radius/sites-available/labitat
+++ b/roles/space_server/files/radius/sites-available/labitat
@@ -7,8 +7,8 @@ server labitat {
limit {
max_connections = 16
- lifetime = 0
- idle_timeout = 30
+ lifetime = 0
+ idle_timeout = 30
}
}
@@ -33,15 +33,6 @@ server labitat {
pap
}
- Auth-Type CHAP {
- chap
- }
-
- Auth-Type MS-CHAP {
- mschap
- }
-
- digest
eap
}
@@ -53,8 +44,6 @@ server labitat {
}
accounting {
- unix
- -sql
exec
attr_filter.accounting_response
}
@@ -63,12 +52,10 @@ server labitat {
}
post-auth {
- -sql
exec
remove_reply_message_if_eap
Post-Auth-Type REJECT {
- -sql
attr_filter.access_reject
eap
remove_reply_message_if_eap
diff --git a/roles/space_server/files/radius/sites-available/labitat-inner b/roles/space_server/files/radius/sites-available/labitat-inner
new file mode 100644
index 0000000..94d5643
--- /dev/null
+++ b/roles/space_server/files/radius/sites-available/labitat-inner
@@ -0,0 +1,46 @@
+server labitat-inner {
+
+ authorize {
+ filter_username
+ filter_inner_identity
+ suffix
+
+ update control {
+ &Proxy-To-Realm := LOCAL
+ }
+
+ eap {
+ ok = return
+ }
+
+ files
+ expiration
+ logintime
+ pap
+ }
+
+ authenticate {
+ Auth-Type PAP {
+ pap
+ }
+
+ eap
+ }
+
+ post-auth {
+ Post-Auth-Type REJECT {
+ attr_filter.access_reject
+
+ update outer.session-state {
+ &Module-Failure-Message := &request:Module-Failure-Message
+ }
+ }
+ }
+
+ pre-proxy {
+ }
+
+ post-proxy {
+ eap
+ }
+}
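Review bot: The `authenticate` block of `server labitat-inner` handles only `Auth-Type PAP` and `eap`, with no `Auth-Type MS-CHAP { mschap }`, so a supplicant configured for PEAP/EAP-MSCHAPv2 would most likely be rejected inside the tunnel, because the EAP MSCHAPv2 method normally runs that section. If PAP-only inner authentication is intended, the new file should say so in a header comment, e.g. `# Inner tunnel: TTLS-PAP only; MS-CHAP intentionally not enabled`. Inner PAP hands the cleartext password to whichever server terminates the TLS tunnel, so the same comment should note that clients must validate the server certificate. Whether the EAP module's `virtual_server` setting points at this server is not visible in this diff, which is limited to `sites-available`.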